Cyber Security v Information Security
Two legs of a stool supporting the same mission.
If your business is a building and the Internet is the sidewalk outside, Information Security is making sure the windows and doors are closed and locked. Cyber Security is knowing the sidewalk is busier than usual and that someone left a key under the doormat. To continue the metaphor, the third leg, Physical Security, would be the set of controls that ensure only an authenticated and authorized individual picks up that key.
Though Cyber Security is a sub-set of Information Security as a whole, the skill sets and focus diverge quite a bit. In any sized organization, understanding your team’s capabilities is key to knowing where to augment in future hiring, develop skills internally through training, or by leveraging the services of a Managed Security Service partner (MSSP).
Most likely everyone has seen a two-legged stool at some point, but no one has seen one work effectively in that condition. To make security holistic and effective, the third leg, Physical Security, cannot be overlooked. Physical Security starts simply enough, physically securing assets with the degree of strictness appropriate for their value – but extends far and wide to cover additional facets like insider threats, theft, and workplace safety.
In documented breaches it is a common theme that compromising the logical side is used to compromise the physical side – or vice versa. A converged approach to Information (+Cyber) and Physical security is the growing trend among security-focused companies to reduce silos and streamline response to threats.